RBAC, Scopes and User Roles
Important Key Terms to Understand: RBAC, Scopes and User Roles
Role-Based Access Controls (RBAC) is a system that limits network access based on an individual's role within an organization. It involves assigning permissions and privileges to ensure users have the appropriate level of access according to their roles and responsibilities.
Scopes- A scope defines where specific tasks a user or service account in an organization can be preformed.
User Roles are aggregations of scopes that define what tasks a user can perform based on the access permissions assigned to their role within the organization.
In the Blink Platform, access permissions to Blink's resources and their functionality are managed through Role-based Access Control (RBAC) and User Roles. Blink Users are assigned User Roles based on two distinct scopes: the Tenant scope and the Workspace Scope. The Tenant scope covers permissions across the entire tenant, while the Workspace scope focuses on permissions within individual workspaces. Each role has its own set of predefined roles and permissions. Every Blink user has at least one Tenant Role and a separate Workspace role for each workspace they are part of. User Roles can differ between workspaces; for example, you might be an Owner in one workspace and a Contributor in a different. Additionally, you have the option to create your own custom user roles.
Please note that users assigned an Admin Role in the Tenant Scope have editing permissions across all tenant workspaces.
Tenant User Role Scope:
Under the Tenant User Role Scope , you can be assigned a built-in user role as an Admin, Builder, Consumer, Tenant Guest or any custom user role created in your Tenant scope.
1. Admin
As an Admin, you have full access to all Workspaces and control over all tenant settings.
Admin Permissions Table
| Permissions | Description | Scope |
|---|---|---|
| Account Settings | View entities and settings. | account:view |
| Account Settings | Invite users to the account. | account:invite |
| Account Settings | Create entities and update all settings. | account:edit |
| Self-Service Portal | View Services | self_service_portal:service:view |
| Self-Service Portal | View Apps | self_service_portal:app:view |
| Self-Service Portal | Execute Services | self_service_portal:service:execute |
| Self-Service Portal | Execute Apps | self_service_portal:app:execute |
| Workspaces | View Workspaces | workspace:view |
2. Consumer
As a Consumer, you have full access to Self-service portal access and read only access to Case management
Consumer Permissions Table
| Permissions | Description | Scope |
|---|---|---|
| Self-Service Portal | View Services | self_service_portal:service:view |
| Self-Service Portal | View Apps | self_service_portal:app:view |
| Self-Service Portal | Execute Services | self_service_portal:service:execute |
| Self-Service Portal | Execute Apps | self_service_portal:app:execute |
3. Builder
As a Builder, you have access to workspaces you are a member of and have full access to the Self Service Portal.
Builder Permissions Table
| Permissions | Description | Scope |
|---|---|---|
| Self-Service Portal | View Services | self_service_portal:service:view |
| Self-Service Portal | View Apps | self_service_portal:app:view |
| Self-Service Portal | Execute Services | self_service_portal:service:execute |
| Self-Service Portal | Execute Apps | self_service_portal:app:execute |
| Workspaces | View Workspaces | workspace:view |
4. Tenant Guest
As a Tenant Guest you have only access permissions to view Workspaces
Tenant Guest Permissions Table
| Permissions | Description | Scope |
|---|---|---|
| Workspaces | View Workspaces | workspace:view |
Workspaces User Role Scope
Under the Workspace User Role Scope , you can be assigned a built-in role as an Owner, Contributor, Viewer or Case Management Guest or any custom Workspace user role created in your Tenant.
To assign a user a Workspace Role , follow these instructions.
1. Owner
As an owner, you have full access to the workspace and workspace settings.
Owner Permissions Table
| Permissions | Description | Scope |
|---|---|---|
| Apps | View existing applications | app:view |
| Apps | Create and edit applications | app:edit |
| Workflows | View existing Workflows | workflow:view |
| Workflows | Create and edit Workflows | workflow:edit |
| Case Management | View existing cases | case_management:view |
| Case Management | Create and edit cases. | case_management:edit |
| Case Management | Manage case management settings. | case_management:admin |
| Connections | View existing connections | connections:view |
| Connections | Create and edit connections | connections:edit |
| Global Variables | View existing global variables | global_variables:view |
| Global Variables | Create and edit global variables | global_variables:edit |
| Runners | View existing runners | runners:view |
| Runners | Create and edit runners | runners:edit |
| Tables | View existing tables | tables:view |
| Tables | Create and edit tables | tables:edit |
| Workspaces | Share workspaces resources | workspaces:share |
| Workspaces | Update workspace settings | workspaces:edit |
| Workspaces | Delete workspaces | workspaces:delete |
2. Contributor
As a contributor, you have full access to the workspaces.
Contributor Permissions Table
| Permissions | Description | Scope |
|---|---|---|
| Apps | View existing applications | app:view |
| Apps | Create and edit applications | app:edit |
| Workflows | View existing workflows | Workflow:view |
| Workflows | Create and edit workflows | workflow:edit |
| Case Management | View existing cases | case_management:view |
| Case Management | Create and edit cases. | case_management:edit |
| Case Management | Manage case management settings. | case_management:admin |
| Connections | View existing connections | connections:view |
| Connections | Create and edit connections | connections:edit |
| Global Variables | View existing global variables | global_variables:view |
| Global Variables | Create and edit global variables | global_variables:edit |
| Runners | View existing runners | runners:view |
| Runners | Create and edit runners | runners:edit |
| Tables | View existing tables | tables:view |
| Tables | Create and edit tables | tables:edit |
| Workspaces | Share workspace resources | workspaces:share |
3. Viewer
As a viewer, you can only observe the mentioned features without the ability to edit or create them.
Viewer Permissions Table
| Permissions | Description | Scope |
|---|---|---|
| Apps | View existing applications | app:view |
| Workflows | View existing workflows | workflow:view |
| Case Management | View existing cases | case_management:view |
| Connections | View existing connections | connections:view |
| Global Variables | View existing global variables | global_variables:view |
| Runners | View existing runners | runners:view |
| Tables | View existing tables | tables:view |
4. Case Management Guest
As a Case Management Guest, you have access permissions to specific cases within Case Management.
Case Management Guest Permissions Table
| Permissions | Description | Scope |
|---|---|---|
| Case Management | Edit only the cases shared with the user and their groups, including any linked entities | case_management:restricted |
Adding a New Role
In the top-right corner, click on New Role button in the top right-corner.
A dialogue box will open, displaying all user role permissions.
Add a Role Name and a Role Description.
Select a Role Scope by selecting between a Tenant Role or a Workspace Role from the dynamic dropdown.
Please note that Tenant Role or a Workspace Role have different access permissions.
- Then, select the relevant checkboxes to customize user role permissions and then click the create icon.
